Data Protection Incidents and Fines: Lessons Learned
Learn from real-life data protection scenarios that led to fines and breaches, such as improper data handling with USB devices, confidential files ending up in public recycling, misdirected emails of sensitive data, and unsecured mobile devices leading to theft. Understand the consequences and best practices to prevent such incidents in handling personal and sensitive data.
Data Protection Scenarios
Moving Data
You have a list of subscribers' information that you need to move to another computer in the office. You've decided to use a USB device to do this. When you're finished, you put the USB device in your pocket. What's wrong with this scenario?
North East Lincolnshire Council was fined £80,000 after a serious data breach in which sensitive information about hundreds of children with special educational needs was lost. The information was stored on an unencrypted memory stick, which went missing.
Confidential Destruction
You have a large bag of confidential material, finance papers, etc. You are trying to save on your budget and decide to put these files into the normal recycling bag. You then take this to the local on-street recycling collection point. You find out later that some former employees' pension records have been posted online.
In 2012 Scottish Borders Council was fined £250,000 when these records were found in a supermarket car park.
Sending Personal Data by Email
You have a list of personal and sensitive data about your best donors and how much they have donated to your cause, but they have requested anonymity. You need to send the list to the Finance Officer, but you forget that you were also in the process of sending out a circular to everyone on your mailing list. You hit send, and the personal sensitive data has been sent to everyone on the mailing list. Discuss.
Surrey County Council was fined £120,000 after three data breaches involving misdirected emails.
Mobile Device
You use your phone to pick up email. It's not password protected. You don't use the Outlook app (which is recommended by BCOS). Your phone is stolen. What can we do to be safe?
Mobile Device (2)
You need to take your laptop to a conference to do a presentation. It has the database of all the people going on a pilgrimage to Lourdes in a few weeks, with all their medical data, but you need to work on this when you're on the move. You leave your laptop on the train. Discuss.
Glasgow City Council was fined £150,000 for the loss of two unencrypted laptops.
Mobile Device (3)
You have contacts on your smartphone. You pair this with your car's Bluetooth hands-free. You put your car in for service. Who has access to the contacts? Discuss.
In our own case the contacts are downloaded from the phone each time we connect and are not accessible from the car hands-free without the phone being present. In other makes/models of car the contacts are stored in the hands-free unit, so would be accessible to a service mechanic.
Theft of Data
You are a Voluntary Youth Centre and have vulnerable young people passing through. You have 3 desktop computers, one of which you use to share information with the local council and with other social services. Nothing has been deleted from the PC in over 5 years. It is password protected with the password XYZ123, which is also written on a post-it note inside the desk drawer. It's never been changed. The Centre is broken into and the desktops are all stolen. Identify and discuss any Data Protection issues.
Theft of Data (2)
Organisational and Technical Security of Personal data
Retention of Personal data - keeping data longer than needed
Data Sharing - there was no agreement in place between the Council and the Centre
Password - keep it safe in your head
Lack of Technical Security - there is no obligation to encrypt desktop computers, but it helps
Training of staff